GMP package signature

Niels Möller nisse at lysator.liu.se
Tue Nov 18 09:09:57 UTC 2014


Richard B. Kreckel wrote:

> I have trouble verifying the signature that accompanies gmp-6.0.0a:

Thanks for letting us know.

> The key 28C67298 is not in <ftp://ftp.gnu.org/pub/gnu/gnu-keyring.gpg>.

I'm sorry I don't know how that file is maintained or updated. The key
is in the keyring used by the GNU ftp upload machinery (or at least, it
was at the time of upload).

> The key is also not available from public key servers either (I tried
> <https://pgp.mit.edu/>).

I usually use the key servers which are default in gpg. Apparently they
don't communicate with the mit server.

> Could you, please, upload a copiously signed key to both sites listed
> above?

Key is now uploaded to the mit server (any hints on how to update
gnu-keyring.gpg?). I hope that solves the problem (and don't hesitate to
report any further problems, we really want this to work). The key was
signed by a bunch of people at last fosdem. (Probably not too hard for a
bad guy turn up there under my name, but I guess these key signing
parties still are a lot better than nothing).

We should probably also keep a copy of the key linked somewhere from the
GMP download webpage. Or at least link to a keyserver that is expected
to have the key, e.g.,
http://keys.gnupg.net/pks/lookup?op=get&search=0xF3599FF828C67298

Regards,
/Niels Möller

PS. I'm not subscribed to the gmp-discuss list, sorry for missing threading
headers etc.

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.


More information about the gmp-discuss mailing list